P2020-ND-193

*n or about May 20, 2020, an unauthorized third party(ies) used North American IP addresses to perpetrate a ?brute force? attack against the Organization?s online customer account system. The attacker made repeated trial-and-error attempts to log into the Organization?s online customer accounts using email addresses combined with hundreds or possibly thousands of passwords. Some of the email addresses used by the attacker belong to the Organization?s customers and former customers but other email addresses do not, which indicates that the attacker used lists of email addresses obtained from another source (e.g. the dark web). The Organization reported that it does not know if the attacker used passwords that were guessed or were compromised authentic passwords used for online services unconnected with the Organization. On May 25, 2020, the Organization determined that the attacker accessed two (2) accounts belonging to two (2) former customers, both of whom reside in Alberta.
? The Organization said that while the attacker was able to access the accounts, it does not know whether the attacker actually accessed the personal information in the accounts.

File Type: pdf
File Size: 618 KB
Categories: 2020